NAT Optimized SIP Media Path with SDP

The NAT Optimized SIP Media Path with SDP feature allows the creation of a shorter path for Session Initiation Protocol (SIP) media channels by distributing endpoint IP addressing information with Session Descriptor Protocol (SDP) of SIP messages. This feature allows endpoints to communicate directly by using standard routing and eliminates the need for them to traverse through upstream NAT routers.

The Message Digest 5 (MD5) algorithm is supported.

History for the NAT Optimized SIP Media Path with SDP Feature

Release

Modification

12.4(2)T

This feature was introduced.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Benefits of NAT Optimized SIP Media Path with SDP

•More control of voice policy is possible because the media path is closer to the customer domain and not deep within the service provider cloud.

NAT Optimized SIP Media Path with SDP Feature Design

The NAT Optimized SIP Media Path with SDP feature provides the ability to optimize the media path taken by a SIP VoIP session when NAT is used. NAT forces the VoIP traffic to take at least one extra hop in the network, which usually results in several additional hops being added to the path between two IP hosts.

Cisco IOS NAT will add the relevant translation information per SIP session within the SIP protocol messages. The SIP Application Layer Gateway support within Cisco IOS NAT will extract this translation information from the SIP packets and create NAT table entries.

The "piggybacking" of NAT translation information within the SIP call flows, the design of how users interact with the application when they talk to it, will allow the media path of a SIP VoIP session between two calling parties to take the optimized routing path between each other.

MIBs

RFCs

RFC

Title

None

—

Technical Assistance

Description

Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

Related Commands

Designates that traffic originating from or destined for the interface is subject to NAT.

ip nat inside destination

Enables NAT of the inside destination address.

ip nat inside source

Enables NAT of the inside source address.

ip nat outside source

Enables NAT of the outside source address.

ip nat pool

Defines a pool of IP addresses for NAT.

ip nat service

Changes the amount of time after which NAT translations time out.

show ip nat statistics

Displays NAT statistics.

show ip nat translations

Displays active NAT translations.

debug ip nat

To display information about IP packets translated by the IP Network Address Translation (NAT) feature, use the debug ip nat command in privileged EXEC mode. To disable debugging output, use the no form of this command.

The output in the h323 keyword was expanded to include H.245 tunneling.

12.4(2)T

The piggyback-support keyword was added.

Usage Guidelines

The NAT feature reduces the need for unique, registered IP addresses. It can also save private network administrators from needing to renumber hosts and routers that do not conform to global IP addressing.

Use the debug ip nat command to verify the operation of the NAT feature by displaying information about each packet that the router translates. The debug ip nat detailed command generates a description of each packet considered for translation. This command also displays information about certain errors or exception conditions, such as the failure to allocate a global address. To display messages related to the processing of H.225 signaling and H.245 messages, use the debug ip nat h323 command. To display messages related to the processing of SIP messages, use the debug ip nat sip command. To display messages related to the processing of VRF messages, use the debug ip nat vrf command.

Caution Because the
debug ip nat command generates a substantial amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.

Examples

The following is sample output from the debug ip nat command. In this example, the first two lines show the Domain Name System (DNS) request and reply debugging output. The remaining lines show debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. All Telnet packets, except for the first packet, were translated in the fast path, as indicated by the asterisk (*).

Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, it is process switched). The remaining packets go through the fast path if a cache entry exists.

s=192.168.1.95->172.31.233.209

Source address of the packet and how it is being translated.

d=172.31.2.132

Destination address of the packet.

[6825]

IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers.

The following is sample output from the debug ip nat detailed command. In this example, the first two lines show the debugging output produced by a DNS request and reply. The remaining lines show the debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. In this example, the inside host 192.168.1.95 was assigned the global address 172.31.233.193.

Router# debug ip nat detailed

NAT: i: udp (192.168.1.95, 1493) -> (172.31.2.132, 53) [22399]

NAT: o: udp (172.31.2.132, 53) -> (172.31.233.193, 1493) [63671]

NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22400]

NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22002]

NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22401]

NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22402]

NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22060]

NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22071]

The following is sample output from the debug ip nat h323 command. In this example, an H.323 call is established between two hosts, one host on the inside and the other host on the outside. The debugging output displays the H.323 message names that NAT recognizes and the embedded IP addresses contained in those messages.

The following is sample output from the debug ip nat sip command. In this example, one IP phone registers with a Cisco SIP proxy and then calls another IP phone. The debugging output displays the SIP messages that NAT recognizes and the embedded IP addresses contained in those messages.